<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1" import="Connect.*"%>
<%
	//Redirect to the home page if the user is not a manager.
	if (session.getAttribute("user_type") == null) {
		response.sendRedirect("no_permission.jsp");
	} else if (!session.getAttribute("user_type").equals("0")) {
		response.sendRedirect("no_permission.jsp");
	}
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<link rel="stylesheet" type="text/css" href="style.css" media="screen" />
<title>Hammer Time Auctions</title>
<script language="javascript" type="text/javascript">
	function deleteClicked() {
		if (confirm('Are you sure you want to delete this employee?')) {
			var myForm = document.createElement("form");
			myForm.setAttribute('method', "post");
			myForm.setAttribute('action', "delete_user.jsp");
			var data = document.createElement("input");
			data.setAttribute('type', "hidden");
			data.setAttribute('name', "username");
			data.setAttribute('value', edit.username.value);
			myForm.appendChild(data);
			javascript: myForm.submit();
		}
	}
	function saveClicked() {
		if (confirm('Are you sure you want to edit this employee\'s profile?')) {
			javascript: edit.submit();
		}
	}
</script>
</head>
<body>
	<div id="content">
		<%@include file="header.jsp"%>
		<form name="edit" action="update_user.jsp" method="post">
			<table class="center">
				<%
					// Retrieve the submitted information.
					String username = request.getParameter("username");
					if (username != null) {
						// If the username was not null display the user's information.
						out.println("<h1>Edit " + username + "'s profile</h1>");
						out.println("<hr></hr>");
						// Create a back button.
						out.println("<a href=\"manage_employees.jsp\" class=\"margin-5px button\">Back</a>");

						// Getting information and updating the database.
						java.sql.Connection conn = null;
						try {
							// Connect to the database.
							Class.forName(ConnectionInfo.myJDBCDriver()).newInstance();
							java.util.Properties sysprops = System.getProperties();
							sysprops.put("user", ConnectionInfo.myUserID());
							sysprops.put("password", ConnectionInfo.myPassword());
							conn = java.sql.DriverManager.getConnection(ConnectionInfo.myURL(), sysprops);

							// Check if the requested username exists.
							java.sql.Statement statement = conn.createStatement();
							java.sql.ResultSet rs = statement
									.executeQuery("SELECT users.*, employees.start_date, employees.hourly_wage, employees.level, employees.ssn "
											+ "FROM users RIGHT JOIN employees ON users.username = employees.username ORDER BY users.username");
							if (rs.next()) {
								// Move cursor to the correct row with the desired employee's information.
								while (!username.equalsIgnoreCase(rs.getString("username")) && !rs.isLast()) {
									rs.next();
								}
								// Username exists, display the user's information.					
								java.sql.ResultSetMetaData columns = rs.getMetaData();
								for (int i = 1; i <= columns.getColumnCount(); i++) {
									out.println("<tr><th>" + columns.getColumnName(i) + "</th>");
									if (i == 1) {
										out.println("<td>" + rs.getString(columns.getColumnName(i)) + "<input type=\"hidden\" name=\"username\" value=\""
												+ rs.getString(columns.getColumnName(i)) + "\" </td></tr>");
									} else {
										if(i==13){
											out.println("<td>" + rs.getString(i)+ "</td>");
											out.println("<td><input name=level type=hidden value='" + rs.getString(i)+"'></td>");						  	
											out.println("</tr>");						
											out.println(" </td></tr>");
										}else{
											out.println("<td><input type=\"text\" value=\"" + rs.getString(columns.getColumnName(i)) + "\" name =\""
													+ columns.getColumnName(i) + "\" /></td></tr>");
										}
									}
								}
								out.println("<tr><td><a href=\"#\" class=\"right red-button\" title=" + rs.getString(columns.getColumnName(1))
										+ " onclick=\"return deleteClicked()\">Delete User</a></td><td><a href=\"#\" class=\"right button\" title="
										+ rs.getString(columns.getColumnName(1)) + " onclick=\"return saveClicked()\">Save Changes</a></td><tr>");

								// Clear attributes after they have been read.
								session.setAttribute("username", null);
							} else {
								// Username does not exist, display error message.
								out.println("<br /><br /><br /><br /><br /><br />");
								out.println("<div class=\"center error-text sidebar section\">ERROR: The specified username was not found.</div>");
							}
						} catch (Exception e) {
							e.printStackTrace();
							out.print(e.toString());
						} finally {
							try {
								conn.close();
							} catch (Exception ee) {
							}
						}
					} else {
						// There is no requested username.
						out.println("<hr></hr><br /><br /><br /><br /><br /><br />");
						out.println("<div class=\"center error-text sidebar section\">ERROR: No username was specified for fetching.</div>");
					}
				%>
			</table>
			<input name="user_type" type="hidden" value="employee" />
		</form>
	</div>
	<hr></hr>
	<%@include file="footer.jsp"%>
</body>
</html>